zlacker

>>dsr12+(OP)
Really weird that nobody in the thread is pointing out that this is basically a website that says "give me your photos, specifically from protests, which have details that you want to keep private".

It doesn't matter that it theoretically all happen in the browser. You can serve different versions to different IPs etc. Every heuristic in me would be screaming don't use that if I would have a need for such tool.

>>comboy+iO
It's a simple static site with no server involved. Everything happens client side. You could turn off your internet while you're using it if you wanted to make sure no data is exposed.

>>aith+AS
True, but it's only safe if you do that. You have to either inspect the code every time you use the site or run it locally. Until subresource integrity [1] becomes widely used & the capability to 'pin' a given script to a specific version, web applications can not be used without at least trusting the owner of the domain.

A better example is Protonmail, a secure email service. It has a nice web client and there is an 3rd party desktop/electron version of the same size called Electronmail. While both essentially run identical code, the electron version is more secure because even Protonmail insert a backdoor for a single or # of users. They would have to at least publish the backdoor in the vanilla code at which point, the maintainers of Electronmail will probably raise the alarm.

[1] https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

>>KingMa+H61
Or, you could download the repository, validate it once for yourself and then use it repeatedly. It is open source, after all.